
Re: Digest-MessageDigest doesn't work with proxies

From: John Franks <john@math.nwu.edu>
Date: Fri, 1 Mar 1996 17:15:30 -0600 (CST)
To: Paul Leach <paulle@microsoft.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, hallam@w3.org
Message-Id: <Pine.SUN.3.91.960301170249.1425B-100000@hopf.math.nwu.edu>

On Fri, 1 Mar 1996, Paul Leach wrote:
> 
> Consider: if the client does a GET and the proxy serves it from the cache,
> where does the "nonce" come from that is needed to compute and
> check <message-digest> -- cached data, the proxy's nonce from
> proxy-auth, or does the proxy have to always go to the origin-server?
> 

It always has to go to the origin-server.  Here is a quote
from the section on Access Authentication from the HTTP/1.1 spec draft at

	http://www.w3.org/pub/WWW/Protocols/HTTP/1.1/spec.html

   "Proxies must be completely transparent regarding user
   agent authentication. That is, they must forward the
   WWW-Authenticate and Authorization headers untouched, and
   must not cache the response to a request containing
   Authorization."


The problems you are addressing are important and need to be solved.
But Digest Authentication is not the mechanism to solve those problems.
It is a very small step in the right direction, intended only to replace
a misstep, viz.  Basic Authentication.


John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Friday, 1 March 1996 15:18:59 EST
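
The rule quoted in the message above, as an added example that is not part of the original post or of the HTTP/1.1 draft: a toy caching proxy that forwards `Authorization` and `WWW-Authenticate` untouched and never caches the response to a request carrying `Authorization`, so every challenge nonce comes from the origin server. `ToyProxy`, `make_origin` and `demo` are hypothetical names, and all header values are constructed.

```python
# Added illustration: a toy caching proxy applying the quoted transparency rule.
# All names are hypothetical and all header values are constructed sample data.

def has_header(headers, name):
    """HTTP header names are case-insensitive."""
    return any(k.lower() == name.lower() for k in headers)

class ToyProxy:
    def __init__(self, origin):
        self.origin = origin   # callable(method, url, headers) -> (status, headers, body)
        self.cache = {}        # url -> cached response tuple
        self.origin_hits = 0

    def handle(self, method, url, headers):
        authenticated = has_header(headers, "Authorization")
        # Only unauthenticated GETs may be answered from the cache.
        if method == "GET" and not authenticated and url in self.cache:
            return self.cache[url]
        self.origin_hits += 1
        # Authorization goes upstream as received; the response, including any
        # WWW-Authenticate challenge and its nonce, comes back unmodified.
        response = self.origin(method, url, dict(headers))
        # Never store a response to a request that carried Authorization.
        if method == "GET" and response[0] == 200 and not authenticated:
            self.cache[url] = response
        return response

def make_origin():
    """Constructed origin: /private needs Authorization; each challenge has a fresh nonce."""
    seen, challenges = [], []
    def origin(method, url, headers):
        seen.append(headers)
        if url == "/private" and not has_header(headers, "Authorization"):
            challenges.append(url)
            value = 'Digest realm="demo", nonce="constructed-%d"' % len(challenges)
            return 401, {"WWW-Authenticate": value}, b""
        return 200, {"Content-Type": "text/plain"}, b"body of " + url.encode()
    return origin, seen

def demo():
    origin, seen = make_origin()
    proxy = ToyProxy(origin)
    proxy.handle("GET", "/public", {})
    proxy.handle("GET", "/public", {})            # cache hit, origin not contacted
    public_hits = proxy.origin_hits
    first = proxy.handle("GET", "/private", {})   # 401 challenges are not cached
    second = proxy.handle("GET", "/private", {})
    auth = {"authorization": 'Digest username="u", nonce="constructed-2", response="placeholder"'}
    proxy.handle("GET", "/private", auth)
    proxy.handle("GET", "/private", auth)         # still goes to the origin
    return public_hits, first[1], second[1], proxy.origin_hits, seen[-1], "/private" in proxy.cache
```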
